Connections to port 135 and other open ports

Fabrizio

Hi everyone, I have Windows XP. Looking at netstat -n I saw that on the PC
there are too many connections listening on port 135 from the same
range of IPs... look here, with only Messenger open, the network card
listening and the html.it forum (which are the last rows):



------------------------------------------------------------------------------
Proto Indirizzo locale Indirizzo esterno Stato
TCP 80.117.13.90:135 64.198.2.130:4597 ESTABLISHED
TCP 80.117.13.90:135 68.248.140.2:3469 ESTABLISHED
TCP 80.117.13.90:135 80.116.12.173:3561 ESTABLISHED
TCP 80.117.13.90:135 80.116.69.126:1623 ESTABLISHED
TCP 80.117.13.90:135 80.116.93.52:4728 ESTABLISHED
TCP 80.117.13.90:135 80.116.98.2:4721 ESTABLISHED
TCP 80.117.13.90:135 80.116.101.31:4751 ESTABLISHED
TCP 80.117.13.90:135 80.116.117.70:4147 ESTABLISHED
TCP 80.117.13.90:135 80.116.119.137:4479 ESTABLISHED
TCP 80.117.13.90:135 80.116.138.199:3122 ESTABLISHED
TCP 80.117.13.90:135 80.116.142.30:1532 ESTABLISHED
TCP 80.117.13.90:135 80.116.163.77:1546 ESTABLISHED
TCP 80.117.13.90:135 80.116.171.13:2779 ESTABLISHED
TCP 80.117.13.90:135 80.116.172.112:3165 ESTABLISHED
TCP 80.117.13.90:135 80.116.183.71:4441 ESTABLISHED
TCP 80.117.13.90:135 80.116.201.102:4521 ESTABLISHED
TCP 80.117.13.90:135 80.116.203.20:4043 ESTABLISHED
TCP 80.117.13.90:135 80.116.220.204:4126 ESTABLISHED
TCP 80.117.13.90:135 80.116.221.206:3486 ESTABLISHED
TCP 80.117.13.90:135 80.116.223.175:4067 ESTABLISHED
TCP 80.117.13.90:135 80.116.224.225:1729 ESTABLISHED
TCP 80.117.13.90:135 80.116.225.142:4845 ESTABLISHED
TCP 80.117.13.90:135 80.116.231.26:1446 ESTABLISHED
TCP 80.117.13.90:135 80.116.232.199:4543 ESTABLISHED
TCP 80.117.13.90:135 80.116.234.167:3613 ESTABLISHED
TCP 80.117.13.90:135 80.116.247.234:1064 ESTABLISHED
TCP 80.117.13.90:135 80.116.248.43:4140 ESTABLISHED
TCP 80.117.13.90:135 80.116.249.73:4743 ESTABLISHED
TCP 80.117.13.90:135 80.116.249.226:2449 ESTABLISHED
TCP 80.117.13.90:135 80.116.249.232:3931 ESTABLISHED
TCP 80.117.13.90:135 80.116.252.100:3893 ESTABLISHED
TCP 80.117.13.90:135 80.116.253.15:4417 ESTABLISHED
TCP 80.117.13.90:135 80.116.253.57:3588 ESTABLISHED
TCP 80.117.13.90:135 80.116.255.84:4986 ESTABLISHED
TCP 80.117.13.90:135 80.117.0.35:1347 ESTABLISHED
TCP 80.117.13.90:135 80.117.2.51:3914 ESTABLISHED
TCP 80.117.13.90:135 80.117.2.110:4252 ESTABLISHED
TCP 80.117.13.90:135 80.117.3.40:2070 ESTABLISHED
TCP 80.117.13.90:135 80.117.4.188:3816 ESTABLISHED
TCP 80.117.13.90:135 80.117.4.219:3829 ESTABLISHED
TCP 80.117.13.90:135 80.117.9.23:3782 ESTABLISHED
TCP 80.117.13.90:135 80.117.9.23:3806 ESTABLISHED
TCP 80.117.13.90:135 80.117.9.139:4823 ESTABLISHED
TCP 80.117.13.90:135 80.117.13.21:4189 ESTABLISHED
TCP 80.117.13.90:135 80.117.13.92:2433 ESTABLISHED
TCP 80.117.13.90:135 80.117.13.127:4024 ESTABLISHED
TCP 80.117.13.90:135 80.117.13.127:4044 ESTABLISHED
TCP 80.117.13.90:135 80.117.13.162:2158 ESTABLISHED
TCP 80.117.13.90:135 80.117.13.162:2178 ESTABLISHED
TCP 80.117.13.90:135 80.117.13.228:4160 ESTABLISHED
TCP 80.117.13.90:135 80.117.13.228:4181 ESTABLISHED
TCP 80.117.13.90:135 80.117.21.36:1789 ESTABLISHED
TCP 80.117.13.90:135 80.117.21.206:3256 ESTABLISHED
TCP 80.117.13.90:135 80.117.22.59:4857 ESTABLISHED
TCP 80.117.13.90:135 80.117.22.99:4276 ESTABLISHED
TCP 80.117.13.90:135 80.117.22.103:4006 ESTABLISHED
TCP 80.117.13.90:135 80.117.23.239:3667 ESTABLISHED
TCP 80.117.13.90:135 80.117.23.248:3776 ESTABLISHED
TCP 80.117.13.90:135 80.117.25.65:1965 ESTABLISHED
TCP 80.117.13.90:135 80.117.27.170:3744 ESTABLISHED
TCP 80.117.13.90:135 80.117.28.36:2029 ESTABLISHED
TCP 80.117.13.90:135 80.117.28.69:1482 ESTABLISHED
TCP 80.117.13.90:135 80.117.29.83:2062 ESTABLISHED
TCP 80.117.13.90:135 80.117.29.211:1178 ESTABLISHED
TCP 80.117.13.90:135 80.117.29.246:2033 ESTABLISHED
TCP 80.117.13.90:135 80.138.33.94:1593 ESTABLISHED
TCP 80.117.13.90:445 80.117.222.195:3776 ESTABLISHED
TCP 80.117.13.90:3029 207.46.106.88:1863 ESTABLISHED
TCP 80.117.13.90:4436 212.110.12.173:80 ESTABLISHED
TCP 80.117.13.90:4437 212.110.13.98:80 ESTABLISHED
TCP 80.117.13.90:4438 213.152.192.212:80 ESTABLISHED
------------------------------------------------------------------------------

135 is the epmap port, but I've seen that it is also exploited by
Blaster...
Now, since I'm not infected, are these attacks from other PCs? Note that
my firewall (Sygate Personal Firewall Pro) reports thousands of
intrusion attempts per day on the Blaster ports.

Also, I tried running a scan on the Sygate site without the firewall
and the situation gets a bit dangerous! I have ports 8, 135, 139
(netbios!!), 445 and 5000 (UPnP) open...

What negative consequences would disabling 5000 have on the system?
Where do you disable Netbios in Windows XP? Would disabling it cause problems
for the local network (2 PCs connected with a cross cable)?
How do I deal with ports 8, 135 and 445?

Thanks a lot for the help! And sorry for the length!
 
Fabrizio

Oops, sorry... now I translate :blush:)


Fabrizio

Hi all, I have Windows XP... using the "netstat -n" command I can see too many
active connections on port 135 from the same range of IPs... look at this
table! My PC was running only the messenger, a web page and listening on the
LAN!

------------------------------------------------------------------------------
Proto Local address Remote address State
TCP 80.117.13.90:135 64.198.2.130:4597 ESTABLISHED
TCP 80.117.13.90:135 68.248.140.2:3469 ESTABLISHED
TCP 80.117.13.90:135 80.116.12.173:3561 ESTABLISHED
TCP 80.117.13.90:135 80.116.69.126:1623 ESTABLISHED
TCP 80.117.13.90:135 80.116.93.52:4728 ESTABLISHED
TCP 80.117.13.90:135 80.116.98.2:4721 ESTABLISHED
TCP 80.117.13.90:135 80.116.101.31:4751 ESTABLISHED
TCP 80.117.13.90:135 80.116.117.70:4147 ESTABLISHED
TCP 80.117.13.90:135 80.116.119.137:4479 ESTABLISHED
TCP 80.117.13.90:135 80.116.138.199:3122 ESTABLISHED
TCP 80.117.13.90:135 80.116.142.30:1532 ESTABLISHED
TCP 80.117.13.90:135 80.116.163.77:1546 ESTABLISHED
TCP 80.117.13.90:135 80.116.171.13:2779 ESTABLISHED
TCP 80.117.13.90:135 80.116.172.112:3165 ESTABLISHED
TCP 80.117.13.90:135 80.116.183.71:4441 ESTABLISHED
TCP 80.117.13.90:135 80.116.201.102:4521 ESTABLISHED
TCP 80.117.13.90:135 80.116.203.20:4043 ESTABLISHED
TCP 80.117.13.90:135 80.116.220.204:4126 ESTABLISHED
TCP 80.117.13.90:135 80.116.221.206:3486 ESTABLISHED
TCP 80.117.13.90:135 80.116.223.175:4067 ESTABLISHED
TCP 80.117.13.90:135 80.116.224.225:1729 ESTABLISHED
TCP 80.117.13.90:135 80.116.225.142:4845 ESTABLISHED
TCP 80.117.13.90:135 80.116.231.26:1446 ESTABLISHED
TCP 80.117.13.90:135 80.116.232.199:4543 ESTABLISHED
TCP 80.117.13.90:135 80.116.234.167:3613 ESTABLISHED
TCP 80.117.13.90:135 80.116.247.234:1064 ESTABLISHED
TCP 80.117.13.90:135 80.116.248.43:4140 ESTABLISHED
TCP 80.117.13.90:135 80.116.249.73:4743 ESTABLISHED
TCP 80.117.13.90:135 80.116.249.226:2449 ESTABLISHED
TCP 80.117.13.90:135 80.116.249.232:3931 ESTABLISHED
TCP 80.117.13.90:135 80.116.252.100:3893 ESTABLISHED
TCP 80.117.13.90:135 80.116.253.15:4417 ESTABLISHED
TCP 80.117.13.90:135 80.116.253.57:3588 ESTABLISHED
TCP 80.117.13.90:135 80.116.255.84:4986 ESTABLISHED
TCP 80.117.13.90:135 80.117.0.35:1347 ESTABLISHED
TCP 80.117.13.90:135 80.117.2.51:3914 ESTABLISHED
TCP 80.117.13.90:135 80.117.2.110:4252 ESTABLISHED
TCP 80.117.13.90:135 80.117.3.40:2070 ESTABLISHED
TCP 80.117.13.90:135 80.117.4.188:3816 ESTABLISHED
TCP 80.117.13.90:135 80.117.4.219:3829 ESTABLISHED
TCP 80.117.13.90:135 80.117.9.23:3782 ESTABLISHED
TCP 80.117.13.90:135 80.117.9.23:3806 ESTABLISHED
TCP 80.117.13.90:135 80.117.9.139:4823 ESTABLISHED
TCP 80.117.13.90:135 80.117.13.21:4189 ESTABLISHED
TCP 80.117.13.90:135 80.117.13.92:2433 ESTABLISHED
TCP 80.117.13.90:135 80.117.13.127:4024 ESTABLISHED
TCP 80.117.13.90:135 80.117.13.127:4044 ESTABLISHED
TCP 80.117.13.90:135 80.117.13.162:2158 ESTABLISHED
TCP 80.117.13.90:135 80.117.13.162:2178 ESTABLISHED
TCP 80.117.13.90:135 80.117.13.228:4160 ESTABLISHED
TCP 80.117.13.90:135 80.117.13.228:4181 ESTABLISHED
TCP 80.117.13.90:135 80.117.21.36:1789 ESTABLISHED
TCP 80.117.13.90:135 80.117.21.206:3256 ESTABLISHED
TCP 80.117.13.90:135 80.117.22.59:4857 ESTABLISHED
TCP 80.117.13.90:135 80.117.22.99:4276 ESTABLISHED
TCP 80.117.13.90:135 80.117.22.103:4006 ESTABLISHED
TCP 80.117.13.90:135 80.117.23.239:3667 ESTABLISHED
TCP 80.117.13.90:135 80.117.23.248:3776 ESTABLISHED
TCP 80.117.13.90:135 80.117.25.65:1965 ESTABLISHED
TCP 80.117.13.90:135 80.117.27.170:3744 ESTABLISHED
TCP 80.117.13.90:135 80.117.28.36:2029 ESTABLISHED
TCP 80.117.13.90:135 80.117.28.69:1482 ESTABLISHED
TCP 80.117.13.90:135 80.117.29.83:2062 ESTABLISHED
TCP 80.117.13.90:135 80.117.29.211:1178 ESTABLISHED
TCP 80.117.13.90:135 80.117.29.246:2033 ESTABLISHED
TCP 80.117.13.90:135 80.138.33.94:1593 ESTABLISHED
TCP 80.117.13.90:445 80.117.222.195:3776 ESTABLISHED
TCP 80.117.13.90:3029 207.46.106.88:1863 ESTABLISHED
TCP 80.117.13.90:4436 212.110.12.173:80 ESTABLISHED
TCP 80.117.13.90:4437 212.110.13.98:80 ESTABLISHED
TCP 80.117.13.90:4438 213.152.192.212:80 ESTABLISHED
------------------------------------------------------------------------------

135 is the epmap port... also used by Blaster... but I'm not infected... are
those attacks from other infected PCs?
Note that my Sygate Personal Firewall Pro blocks lots of attacks day by day
(about 3000/day!!)

Furthermore I've tried to run a security scan on the Sygate web site
with my firewall turned off and I can see that I have ports 8, 135, 139
(netbios), 445 and 5000 (UPnP) open!

So these are my questions:
If I turn off the UPnP service, what happens to my system?
Where can I disable Netbios?
If I disable Netbios, could my little LAN (2 PCs with a cross cable) have some
problems?
What can I do about 8, 135 and 445?

Thanks a lot, sorry for the long post (and sorry for posting in Italian
:blush:))!
Cya
Fabrizio
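
One way to triage a table like the one posted above, as an added example that is not part of the original posts: it separates connections arriving at the host's own service ports from connections the host opened itself, and groups the inbound ones by remote /16. The sample rows are constructed, and treating the ports the scan reported open as "inbound" is an assumption.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the shape of the `netstat -n` table above
# (addresses are made up, not taken from the post).
SAMPLE = """\
Proto Local address Remote address State
TCP 10.117.13.90:135 10.116.12.173:3561 ESTABLISHED
TCP 10.117.13.90:135 10.116.69.126:1623 ESTABLISHED
TCP 10.117.13.90:135 10.117.9.23:3782 ESTABLISHED
TCP 10.117.13.90:135 10.117.9.23:3806 ESTABLISHED
TCP 10.117.13.90:445 10.117.222.195:3776 ESTABLISHED
TCP 10.117.13.90:3029 192.0.2.88:1863 ESTABLISHED
TCP 10.117.13.90:4436 198.51.100.173:80 ESTABLISHED
"""

# Ports the post's scan reported open (assumption: a connection whose
# LOCAL port is one of these was opened by the remote side).
SERVICE_PORTS = {8, 135, 139, 445, 5000}
ROW = re.compile(r"^TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)$")


def parse(text):
    """Yield (local_port, remote_ip, remote_port, state) per TCP row."""
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # header, separator and blank lines do not match
            yield int(m[2]), ipaddress.ip_address(m[3]), int(m[4]), m[5]


def inbound_summary(text, prefix=16):
    """Count inbound ESTABLISHED connections per (local port, remote network)."""
    counts = Counter()
    for lport, rip, _rport, state in parse(text):
        if state == "ESTABLISHED" and lport in SERVICE_PORTS:
            net = ipaddress.ip_network(f"{rip}/{prefix}", strict=False)
            counts[(lport, str(net))] += 1
    return counts


def outbound(text):
    """Remote endpoints the host connected to itself (ephemeral local port)."""
    return sorted((str(rip), rport) for lport, rip, rport, state in parse(text)
                  if state == "ESTABLISHED" and lport not in SERVICE_PORTS)


if __name__ == "__main__":
    for (port, net), n in inbound_summary(SAMPLE).most_common():
        print(f"inbound to :{port} from {net}: {n}")
    for ip, port in outbound(SAMPLE):
        print(f"outbound to {ip}:{port}")
```
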
 
